Cyber Incident Victim: Harare Institute of Technology

The Harare Institute of Technology experienced a cybersecurity breach in June 2017, during which an unauthorized individual gained access to institutional databases. The attacker demanded a ransom of US$999 in exchange for returning the stolen files and claimed to have secured all of HIT's databases. This initial compromise exposed sensitive institutional data, though specific details about the scope of the 2017 breach were not publicly disclosed. On or around May 28, 2018, a new data leak emerged involving HIT, with over 3,500 student account credentials appearing in a publicly accessible database. The relationship between the 2018 leak and the 2017 breach remained unclear, as sources could not confirm whether the 2018 data represented a new intrusion or a reemergence of previously stolen information from the prior incident. No ransom demand was reported in connection with the 2018 credential leak.

The 2018 exposure specifically compromised student account credentials, potentially enabling unauthorized access to educational systems or personal information. The breach affected a minimum of 3,500 individuals associated with the institute, creating risks of identity theft or academic record manipulation. Public reports did not specify whether HIT implemented enhanced security measures following the 2017 attack prior to the 2018 leak. The institute faced recurring operational security challenges, as evidenced by the two incidents occurring within a twelve-month period. Technology news platform TechZim covered both events, though institutional responses to the credential leak were not detailed in available sources. The repeated breaches highlighted systemic vulnerabilities in HIT's information security infrastructure during this timeframe.